Rewriting the Network

By Nick Clayton

Networking is the plumbing of the computer world. Everybody knows it is vitally important, but it is very hard to get excited about, especially as it is mired in often impenetrable jargon.

The reason networking start-up Nicira attracted so much attention last week had as much to do with its high-powered friends, $50m funding and powerful customer list as with its technology. Mind you, with backing from Silicon Valley VC megastars such as Andreessen-Horowitz and initial customers including Rackspace and Japan’s NTT, Nicira was not going to be ignored.

Tom Simonite, writing in Technology Review, published by M.I.T., provides a fascinating and necessarily lengthy examination of what Nicira represents, how it works and why the man behind it, Martin Casado, came to reinvent the technology that runs the Internet.

It is a story that starts with a failure when, in 2003, Mr. Casado could not develop a suitable way for one of the U.S. security agencies to temporarily close off part of the Internet. The aim was to create an updated version of the secure hotline between the Kremlin and the White House.

The failure provided some of the motivation when he joined Stanford University and began to develop a radical new way for networks to operate.

Casado and his PhD supervisor, Nick McKeown (also a close friend), found their ideas initially unappreciated and even derided by other computer scientists. “When we first published, they thought we were nutty,” Casado recalls. “We submitted a paper and were literally made fun of in the reviewers’ comments. They said, ‘This will never work.’”

The crux of that supposedly unworkable idea was to take away the stubborn independence of the network hardware. All those routers and switches would take orders from one central piece of software; a single command could then reconfigure every piece of a network…

The product is clunkily named Network Virtualization Platform. It’s aimed at the operators of data centers, the computer-stuffed warehouses that run Internet services and websites. Casado freely admits that it is hard to impress a layperson with his technology: “People do struggle to understand it,” he says…

One reason [companies] resist cloud computing, Casado says, is that network architecture is too decentralized to reconfigure easily, which leaves the cloud insecure and unreliable. Cloud computing providers tend to run entire data centers on one shared network. If, for example, Coke and Pepsi both entrusted their computer systems to one of today’s public cloud services, they might share a network connection, even though their data stores would be carefully kept separate. That could pose a security risk: a hacker who accessed one company’s data could see the other’s. It would also mean that a busy day for Coke would cause Pepsi’s data transfers to slow down.

All of that changes when Nicira’s software is installed on the servers in a data center. The software blocks the applications or programs running on the servers from interacting with the surrounding network hardware. A virtual network then takes over to do what a computer network needs to do: it provides a set of connections for the applications to route data through. Nicira’s virtual network doesn’t really exist, but it’s indistinguishable from one made up of physical routers and switches.

To describe the power this gives to cloud administrators, Casado uses a Hollywood reference. “We actually give them the Matrix,” he says. The movie’s Matrix manipulated the brains of humans floating in tanks to provide the sensation that they were walking, talking, and living in a world that didn’t exist. Nicira’s version pulls a similar trick on the programs that reside on a server inside a data center, whether they are running a website or a phone app. In practice, this means that administrators can swiftly reprogram the virtual network to offer each application a private connection to the rest of the Internet. That keeps data more secure, and Coke’s data crunch would affect Coke alone. It also lets the cloud provider set up automatic controls that compensate for events like sudden spikes in demand…

The Matrix-like control that Nicira offers should also make the Internet more reliable. After the Fukushima-Daiichi nuclear disaster in Japan last March, electricity rationing and scarce supplies of diesel for generators trapped some Web services offline in powerless data centers. Last August NTT showed that Nicira’s technology could have kept those systems active by moving them rapidly elsewhere. In tests, software was smoothly transferred between data centers 30 miles apart without even having to stop the programs from running. Even as NTT’s software moved to new physical hardware, Nicira’s technology maintained the illusion that nothing had changed. “We can move like liquid between data centers ahead of brownouts,” says Casado. Making such transfers without Nicira’s technology would mean laboriously reprogramming network hardware and turning off the system being protected from the brownout.

If Nicira’s technology is as effective as Mr. Casado suggests it is, it will have a huge impact on network resources and big-name hardware suppliers. Although, it has to be said, the only people who are likely to actually see the revolution in action are network administrators.

About Tech Europe

Tech Europe covers Europe’s technology leaders, their companies, and the people and industries that support them — and their ideas. The blog is edited by Ben Rooney, with contributions from The Wall Street Journal and Dow Jones Newswires.